1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Outback Power
- Equipment: Mojave Inverter
- Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Outback Power Mojave Inverter, a system for managing power in a residential grid-connected battery backup system, are affected:
- Outback Power Mojave Inverter: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 Use of GET Request Method With Sensitive Query Strings CWE-598
The Mojave Inverter uses the GET method for sensitive information.
CVE-2025-26473 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-26473. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
3.2.2 Exposure of Sensitive Information to an U
[…]
This article has been indexed from All CISA Advisories